Regulatory and Compliance Updates — USA, August — September 2018

Banner by Rachel Skiba

Our latest update on regulatory issues in the blockchain industry covers developments in the United States in August and September 2018. It was a busy period for several agencies with a number of consequential decisions.



On August 23, the U.S. Securities and Exchange Commission (SEC) continued its trend of rejecting applications to list bitcoin ETFs, blocking the applications for such ETFs that were made by ProShares, GraniteShares and Direxion. On September 26, the SEC delayed its decision on the ETF proposed by the option exchange Cboe, investment management firm VanEck and the blockchain company SolidX. The new deadline for a decision in the latter case is December 29.

Like July’s rejections of the ETFs managed by the Winklevoss twins, the SEC based its latest rejections on the concern that the underlying bitcoin spot markets could be subject to manipulation. See Ilan Sterk’s analysis of the decisions here. While the markets have certainly reacted negatively to these decisions, it isn’t actually clear what this means for the blockchain industry as a whole. In a perfect world, we would not necessarily want blockchain ETFs. An ETF creates several layers of separation between the holder and the asset — the holder needs to go through their broker, who goes through the ETF, which in turn is based on a futures contract. Each level takes their fees. This structure takes away a lot of the benefits of blockchain, which was supposed to be an asset you can interact with directly and in a peer-to-peer network. The short-term desire for an ETF reflects the fact that holding bitcoins is difficult for regular people and the market is undeveloped. A better focus for the blockchain industry is making it easier for individuals to interact with cryptoassets directly, rather than create ETFs or other synthetic substitutes. (link)

Tomahawk Coin

Continuing with its aggressive enforcement against ICOs that engage in fraudulent practices, on August 14th the SEC levied a heavy fine and issued a lifetime ban on a defendant who is accused of making fraudulent statements in ICO promotional materials. The ICO at issue was offering “Tomahawkcoins” which were purportedly convertible into equity and entitled the holder to profits from oil production.

According to the SEC’s order, the company’s promotional materials used inflated projections of profits from the oil production and secondary trading of the tokens, even though the company’s internal numbers were much lower.

The materials for investors also described the defendant as having a “flawless background” even though he had previously been convicted for being involved in a fraudulent securities offering. One interesting wrinkle in the case is that the ICO did not actually raise significant amounts of actual money. Instead, most of the tokens were issued in an airdrop bounty program, where individuals received tokens in exchange for providing online marketing services.

While it might seem odd that giving away tokens for free could be considered an unregistered “sale” of securities, the U.S. Securities Act defines this term broadly. A “sale” is any distribution of securities in exchange for value. Since the company receive marketing services (which have some level of value) in exchange for the tokens, the SEC took the position that this constituted a sale and therefore was required to be registered with the SEC or subject to an exemption under the securities laws. While the SEC had made similar rulings in the late 90s with respect to companies that gave away high-tech stocks in exchange for marketing services, this was the first time that the agency has made a similar ruling on an airdrop of blockchain tokens. (link)

Long Blockchain

A typical feature of SEC enforcement that we’ve noted in the past is the scrutiny the agency applies to companies that abruptly pivot to blockchain. In August, Long Blockchain (formerly a beverage company called Long Island Iced Tea) disclosed in a filing that it had received a subpoena from the SEC requesting the production of certain documents and that the company was cooperating with the investigation. Details about the investigation were not disclosed.

Riot Blockchain

Another company we have mentioned in previous updates, Riot Blockchain (formerly involved in making hormones for farm animals), gave some additional details on the SEC’s investigation and comments on their previous filings. According to the company, the SEC questioned Riot Blockchain’s disclosures regarding the accounting methods used, including how the company values its cryptocurrency mining operations and the fair value method it uses.

The SEC announced a series of more novel enforcement actions in early September.

“Bitcoin Tracker One” and “Ether Tracker One” Trading Suspensions

On September 9, 2018, the SEC issued a temporary order to suspend trading in two securities listed on the NASDAQ/OMX in Stockholm and the OTC Pink Sheets: Bitcoin Tracker One and Ether Tracker One.

These securities tracked the prices of Bitcoin and Ether, but were advertised as being simpler than ETFs. The SEC based its ruling on its view that there was as lack of consistent and accurate information regarding these securities that was resulting in confusion in the market.

Among other things, the SEC noted that some broker-dealers referred to these instruments as ETFs, others as “Exchange Traded Notes”, while the issuer referred to them as “non-equity linked certificates.” The ban was scheduled to last until September 20.

Crypto Asset Management

On September 11, the SEC issued a cease-and-desist order against a cryptocurrency hedge fund, Crypto Asset Management, LP. The fund settled and agreed to pay a $200,000 fine. According to the SEC’s order, the fund was formed in May 2017 as a Delaware-based pooled investment vehicle for investing in digital assets. The manager had previously operated crypto-investment funds in non-U.S. jurisdictions. The company’s leadership is now operating under the name Digital Capital Management.

The fund raised $3.7 million from various investors, through website advertising, and had a net asset value of $37 million in December 2018. The fund never filed a registration statement with the SEC for selling its own securities and also never registered as an investment company with the SEC to cover its activities investing in the securities of other companies on behalf of others.

Nevertheless, the fund’s marketing materials represented to investors that the fund was “the first regulated crypto asset fund in the United States” and also claimed to have filed a registration statement. The SEC’s order charged the fund and its managers with violating the registration requirements of both the Securities Act and the Investment Company Act, as well as for making materially false statements to investors.

SEC’s First Action against a Crypto Hedge Fund

This enforcement action is one of the first to target a cryptocurrency investment fund. Similar to its enforcement efforts against ICOs, the SEC appears to be starting by going after the low-hanging fruit, i.e., funds that flat-out ignored regulatory requirements and made fraudulent statements to unsophisticated retail investors on the internet.

However, there are other issues to watch in future enforcement actions.

Back in January, the SEC’s Division of Investment Management issued a staff letter highlighting various legal issues that they believed crypto funds would need to address before they can be registered. The issues raised were more technical, relating to how funds would comply with requirements to do a daily valuation of their holdings, meet custody requirements and ensure sufficient liquidity.

It is not clear how the SEC will go about enforcing these more technical requirements. It is possible that the SEC will also bring enforcement actions against funds that are not engaged in fraud but fail to comply with these more technical requirements. Alternatively, the SEC may continue to focus its efforts on the truly bad actors, and not bring enforcement actions against funds that make a good-faith effort to meet regulatory requirements and/or engage with more sophisticated investors.

This second approach could have long-term negative effects of creating an ambiguous environment, similar to the one that ICOs are currently facing. Without a clear record of enforcement actions and clarifying guidance, the law-abiding funds will not know if their practices are approved or not. (link) One indication that the SEC is continuing to look hard at crypto hedge fund were tweets on September 29 from a US-based digital asset management fund — Arrington XRP Capital — that indicated that, due to two subpoenas from the SEC, the fund is considering leaving the US.


Also on September 11, the SEC brought its first case accusing a respondent of acting as an unregistered “broker-dealer” with respect to cryptocurrency assets. Generally, anyone acting as a “broker” or “dealer” of securities is required to register with the SEC before effecting any transaction in or inducing or attempting to induce the purchase or sale of any securities.

Under these rules, the SEC issued a cease-and-desist order against TokenLot LLC., a self-described “ICO Superstore” that advertised and sold digital tokens to retain investors. The company, through its website platform, solicited investors to buy cryptocurrencies, took more than 5,800 orders for purchases, processed investor funds and handled more than 200 different types of digital tokens.

TokenLot also received payments from ICO issuers to market their tokens. The SEC claimed that some of the tokens TokenLot was involved in trading were securities (although the order does not specify which ones). TokenLot, according to the SEC, acted as a “broker” by facilitating the sales of digital tokens as part of ICOs, including by marketing the tokens, accepting orders and funds from investors, assisting investors and working with issues to transfer the purchased tokens to the investors. In addition, TokenLot acted as a “dealer” by selling digital tokens from its own account, after the issuer’s ICOs were completed. Accordingly, TokenLot violated the securities laws, which required it to register as a broker-dealer with the SEC prior to facilitating these transactions.

In response to the SEC’s action, TokenLot took significant remedial action, including hiring an intermediary acceptable to the SEC that would take possession and ultimately destroy of all of the remaining tokens in their inventory and tokens that they were eligible to receive once such tokens were delivered.

In view of these actions, the SEC agreed to somewhat lighter punishments, which included disgorging $471,000 of ill-gotten gains, fines of $45,000 for two of the individual defendants and a ban on involvement with the securities industry, with an option to apply for reentry after three years. This ruling represents another expansion of the areas of the crypto space that the SEC is looking into. It also is the first instance we are aware of in which the SEC demanded that tokens be destroyed.

TokenLot’s website now features a simple goodbye letter to customers.


On September 27, the SEC filed a complaint against broker-dealer 1Pool Ltd. and individual defendants associated with it. This time, the defendants were charged with selling security-based swaps without registering with the SEC. 1Pool marketed “contracts for difference” (“CFDs”), which allow investors to participate in price movements of securities without actually owning the underlying asset. The securities laws require such contracts to be registered with the SEC and the transactions to be executed on a national exchange.

While physically located in Austria and registered in the Marshall Islands, the defendants offered the CFDs over a website that was publicly available to anyone in the US with internet access, and did not take steps to check the identities of investors. The securities underlying the CFDs were varied, including stocks, commodities and foreign exchange pairs, as well as various crypto assets. However, the only way to fund accounts on the platform was to use bitcoins. Once an account was funded, holders could choose whether to take a long or short position in the underlying security, and 1Pool would take the opposite position.

The SEC found that the platform violated various laws, including failure to register as a broker-dealer, not conducting the transaction on a national exchange, and failing to register the CFDs themselves. Interestingly, the SEC complaint does not get into the question as to whether any of the underlying assets were securities, as several of the underlying assets clearly were (an undercover FBI agent located in Houston was able to make bets on stock of the Ford Motor Company), which rendered the more crypto-related legal issues less relevant.

However, the SEC still emphasized the fact that bitcoin was the currency used on the platform, warning that companies transacting with US investors cannot circumvent the securities laws by using cryptocurrency. The SEC is seeking injunctions against the defendants, disgorgement and civil penalties.


Wesley Bricker

In a less-punitive update, Wesley Bricker, the SEC’s chief accountant, gave a speech on September 17 in which he briefly addressed digital assets. Among other points, Bricker argued that companies that are involved in digital assets are required to keep books and records as required by law, even when blockchain technology and smart contracts are being used.

He gave some specific examples of requirements that companies need to consider, such as the requirement that financial reports accurately and fairly reflect the issuer’s transactions, protect the integrity of the audits and promote reliability and completeness of financial information. The speech also argued that while transactions done on a blockchain may be public, the participants are typically identified by public keys.

As a result, companies who report their financial statements with the SEC may need to disclose their counterparties, their transactions and their total balances. He also argued that companies involved in digital assets may need to make special disclosures of loss contingencies that are related to these activities, that auditors need to specifically consider whether companies involved in digital assets have sufficient compliance and control procedures as part of their audit, and that audit committees need to review whether the auditor has sufficient qualifications in digital assets before selecting or retaining the auditor. (link)


Not content to let the SEC work alone, the CFTC also brought a suit against 1Pool, the CFD seller discussed above. The CFTC’s complaint claimed that some of the underlying assets in the CFDs, such as gold and crude oil, were commodities and thus under their jurisdiction. The defendants were charged for failing to conduct such transactions on or subject to the rules of a board of trade that has been registered with the CFTC. The defendants also allegedly failed to register with the CFTC as a Futures Commission Merchant and did not diligently supervise or implement an adequate KYC program. The CFTC is also seeking disgorgement of ill-gotten gains, civil penalties, restitution and permanent bans. (link)

The CFTC also filed a second, more entertaining, lawsuit on September 28 against two defendants who allegedly ran fraudulent businesses misleading public to invest in foreign currency contracts, binary options and diamonds. The defendants offered fake investments on facebook and other social media sites in exchange for bitcoin. In reality, the defendants did not make the promised investments and misappropriate the funds, while providing account statements showing astronomical returns. As part of the scheme, the defendants impersonated CFTC officials, including the agency’s chief counsel. When victims tried to withdraw their funds, the defendants would falsely tell them that in order to withdraw the funds, they would need to pay a large tax to the CFTC. The “CFTC officials” would then attest to the validity of the tax, including by providing forged legal documents. The victims provided additional bitcoins to pay the “tax”, which were in turn appropriated by the defendants. The CFTC was not amused, and is charging the defendants with various violations and is seeking the typical penalties of restitution, disgorgement, civil monetary penalties and bans. (link)


The director of another important regulator, the Financial Crimes Enforcement Network (FinCEN), which is in charge of anti-money laundering and counter finance of terrorism regulation on a federal level in the US, gave a speech on August 9 that contained a few interesting comments. In the speech, director Kenneth Blanco reaffirmed that FinCEN considers certain ICOs to be subject to money transmitter regulations under the Bank Secrecy Act. In addition, the director clarified that the agency’s regulations cover transactions in which parties are transacting from one virtual currency to another, as well as to businesses that provide mixing and tumbling services when they accept and transmit virtual currency.

Kenneth Blanco when he served as Acting Assistant Attorney General (image, US Embassy in Argentina)

As for FinCEN’s enforcement efforts, which have not generated the same headlines as the SEC’s, Blanco stated that FinCEN has conducted examinations over 30% of all registered virtual currency exchangers and administrators. FinCEN has also examined unregistered crypto businesses, including trading platforms, ATM companies and peer-to-peer exchanges.

While FinCEN has “noticed some compliance shortcomings,” they have also seen an increase in suspicious transaction reporting as a result of their investigations. FinCEN now receives approximately 1,500 suspicious transaction reports per month involving virtual currencies. According to Blanco, these reports (generally from banks and virtual currency exchanges) have been instrumental in FinCEN’s investigations, including their blockbuster $112 million fine that shut down the BTC-e exchange in July 2017. The speech also notes that FinCEN is increasing its activities internationally and is working with other countries’ financial intelligence units to improve its understanding of virtual currency risks and effective approaches.


The Financial Industry Regulatory Authority is a self-regulatory organization that many players in the US financial system, especially broker-dealers, are required to be a member of under federal law. FINRA has the authority to impose its own rules (approved by the SEC) on its members and take enforcement actions. While FINRA has issued a report and some other theoretical discussion of blockchain technology and how it might impact the financial system, September 11 was the first time it brought an enforcement action.

FINRA filed a complaint against a defendant who allegedly tried to attract investment to a worthless public company by creating a token called “Hempcoin” (whose trading symbol you should all know is “THC”), which was advertised as the first mineable coin backed by marketable securities. The defendant claimed that the token represented 0.10 shares of common stock in the public company. Investors mined more than 81 million HempCoins and bought and sold the securities on crypto exchanges.

FINRA charged the defendant with selling unregistered securities, with making fraudulent statements to investors and with violating various FINRA rules (such as not reporting his participation in private securities transactions). Like other regulatory agencies, FINRA appears to be getting its feet wet by going after low-hanging fruit, in this case a defendant who blatantly ignored regulations and committed fraud. We will see if FINRA issues any definitive guidance on the more technical and ambiguous issues it has raised in its past reports.


A group of crypto exchanges announced on August 20 that they have formed a body called the Virtual Commodity Association to develop standards for the industry, particularly with respect to market manipulation and other fraudulent action. The organization’s introductory post indicates that it is intended to govern tokens that are commodities, and thus subject to CFTC jurisdiction, not securities which are subject to SEC regulation. The CFTC has the authority to regulate spot markets for commodities to prevent fraud and manipulation, as well as the derivative markets for some types of commodities. The Virtual Commodity Association is intended to be a voluntarily organization that does not have formal legal authority over its members. As such, it will differ from self-regulatory organizations in the securities markets, such as FINRA; the securities laws provide these organization with the legal power to make and enforce their rules. One issue the Virtual Commodity Association will have to navigate is the question of anti-trust — it may be difficult for the organization to pressure non-member exchanges to adopt its standards, or even to sanction its own members for failing to uphold them, as this could arguably be interpreted as one group of market participants illegitimately acting together to harm competing businesses. (link)

US Congress

In a May update, we noted that the relevant ethics regulations were amended to require members of Congress to disclose their cryptocurrency holdings. Bob Goodlatte, the chair of the judiciary committee in the House of Representatives, became the first Congressman to disclose crypto holdings on August 6, when he disclosed that he holds between $17,000 and $80,000 in digital currency, primarily bitcoin, ethereum and bitcoin cash.

Bob Goodlatte (public domain image)

The Senate’s committee on Energy and Natural Resources held a hearing about blockchain, which in large part was devoted to discussing the cost of cryptocurrency mining. Senators questioned whether mining could potentially have a negative impact on energy infrastructure and consumers, and discussed what communities can do to prepare. No firm conclusions were reached.

Otherwise on Capitol Hill, the crypto industry has engaged in significant lobbying in the past two months that is far more prominent than previous efforts. On September 21, the Congressional Blockchain Caucus announced that it had appointed two representatives, Representative Emmer from Minnesota and Representative Foster from Illinois, as co-chairs. The caucus also announced that it had introduced several bills in support of the blockchain industry.

Representatives Bill Foster (L) and Tom Emmer (R)

First, the caucus proposed a resolution that expresses support for digital currencies and blockchain technology, and, among other things, advocates that the US “should avoid undue restrictions on blockchain networks.”

The caucus also proposed bills with more teeth. The first, the Blockchain Regulatory Certainty Act, would exempt non-custodial blockchain entities from certain money transmitter regulations under the Bank Security Act. A second bill would, if passed, would create a safe harbor for taxpayers who receive cryptocurrency in a hard fork and make a good faith effort to comply with tax rules (which are currently very unclear in the case of hard forks).

In addition, on September 19, several members of Congress sent a letter to the IRS asking them to make the rules more clear on that issue as well as other tax issues involving cryptocurrencies, as well as the IRS’s subpoenas of Coinbase’s user data.

On September 28, another group of lawmakers sent a letter to SEC Chairman Clayton, asking the SEC to do more to clarify its position with respect to ICOs, and suggesting that the SEC issue formal guidance rather than continuing to proceed by individual enforcement actions.

This followed a September 24 event in which 80 representatives from the crypto and finance industries met with members of Congress and asked them to bring more legislative clarity to the crypto markets.

Rounding off the month, Ripple and several other blockchain companies announced that they had created a lobbying organization to advocate for the interests of the crypto industry. The lobbyists will, naturally, be paid in digital currency.

While the prospects of the specific proposals are not clear, all of these efforts are crucially important for the blockchain and crypto industries. We talk a good deal about the role of regulators, but the power of regulatory agencies and their ability to adapt are limited. Regulatory agencies generally work within a framework that has been set up by the legislative branch. They may have some discretion on the specific details of the rules, but they ultimately are obligated to stay within the broad lines that have been drawn by the underlying legal framework.

One major reason that regulatory agencies have been so far unable to give completely satisfactory answers to the questions raised by blockchain technology is that the existing legal framework did not have these issues in mind when it was formulated, and as a result not everything fits. Getting the legislators, who write the laws that set up the framework for regulators, to begin thinking about new approaches that address the issues raised by blockchain without limiting themselves to the existing system is an important step.

As part of the flurry of activity, the House of Representatives also passed a bill to set up a task force to combat the ability of terrorists to use cryptocurrency, as well as to limit the ability to use crypto to evade sanctions. The legislation also provides for a reward mechanism for those who provide information to regulators that leads to a conviction related to terrorist use of digital currency. (link)


A 19-year-old hacker was arrested in Santa Clara, California on August 18 for allegedly stealing approximately $1 million in bitcoins from various victims by SIM swapping, a form of fraud in which the target’s cell phone service is redirected to a SIM card under the control of the hacker. This arrest follows several other arrests by other agencies of other criminals accused of using a similar scheme. A suspect from Boston pointed law enforcement in the direction of the hacker, who appears to have been well-known among the community of those involved in such scams. These arrests indicate a high level of coordination among law enforcement across jurisdictions.

A 21-year old bitcoin dealer, named as Jacob Burrell-Campos, was arrested on August 13 for operating an illegal money transmission business without an anti-money laundering program, as well as for international money laundering. He conducted 971 transactions, selling approximately $750,000 worth of bitcoin in exchange for cash, with a no questions asked policy.

On September 6, a federal court seized a lamborghini and millions of dollars in cryptocurrency from a Thai defendant who was accused of facilitating sales of illegal goods and services on the dark web, but committed suicide before he could stand trial for identity theft, fraud, racketeering, trafficking and money laundering.

More positively, looking at general trends, an official with the U.S. Drug Enforcement Agency stated in an August 7 interview, that criminal activity has shrunk to only 10% of transactions in bitcoin, down from 90% in 2013.

Operation Cryptosweep

The North American Securities Administrators Association, which represents various local securities regulators from the US, Canada and Mexico, issued a press release on August 28 announcing that their coordinated investigations known as “Operation Cryptosweep” had expanded to encompass 200 different investigations. When the initiative was initially announced in April, 50 investigations were listed.


Ohio passed a bill on August 3 that officially recognizes blockchain data and smart contracts to be records kept in electronic form.


On August 29, California’s legislature passed a bill that requires the government to create a blockchain working group. This is a toned-down version of the original draft of the bill, which would have recognized blockchain-secured information as records for legal purposes, similar to the bill passed in Ohio. California’s election regulator, on September 21, barred bitcoin for campaign donations.


In Colorado, local securities regulators ordered three crypto firms accused of promoting unregistered ICOs to appear in court and justify their actions. On September 20th, the Colorado division of banking also issued regulatory guidance regarding whether cryptocurrency companies are considered money transmitters under state law. Under the guidance, direct transmission of cryptocurrency from one consumer to another does not require licenses. Transactions involving a third party also do not require licenses if there is a complete absence of fiat currency from a transmission. However, state licensure is required if (i) a person is engaged in the business of selling and buying cryptocurrency for fiat currency, a Colorado resident can transfer cryptocurrency to another customer within the exchange and (iii) the exchange has the ability to transfer fiat currency through the medium of cryptocurrency.

South Dakota

South Dakota regulators granted the wallet and security company Bitgo a state charter to serve as a qualified custodian for crypto. As a result, Bitgo will be subject to state regulatory scrutiny, including KYC/AML checks, filing of financial audits and monthly disclosures.


In Texas, the local securities regulator issued a cease and desist order against a Russian crypto company on September 18. The company allegedly claimed to be based in London and also falsely pretended to represent Coinbase and Coin Telegraph.

New York

On September 18, the New York Attorney General’s office (OAG) released a report on cryptocurrency exchanges as part of the Virtual Markets Integrity Initiative that it launched back in April. The OAG sent questionnaires to various exchanges asking for reports on their practices so that customers can make informed decisions. The report was based on answers from eight exchanges. Four exchanges refused to participate, on the theory that they don’t allow New York traders to participate. The OAG says they investigated this claim and reported three of these exchanges to the NY Department of Financial Services for possible violations of state law. Regarding the exchanges that did participate, the report claimed that it found significant problems, including widespread conflicts of interest, lack of effort to prevent market manipulation and lack of protection for consumer funds.

More constructively, the Department of Financial Services did give out some approvals, granting approval to applications for two new stablecoins.


In Arizona, a former crypto trader was convicted on August 2 of money laundering through a peer-to-peer bitcoin exchange he operated. Among other things, during the course of the investigation the defendant took $164,700 from a federal agent who told him they were proceeds from drug traffickers provided the drug dealers with bitcoins in exchange telling the agents that bitcoin was a great way to limit their exposure to law enforcement. Also in Arizona, the government’s regulatory sandbox for fintech companies began accepting applications. Accepted companies will be able to test their products on up to 10,000 residents in the state without complying with certain regulatory requirements (although they will still be subject to federal requirements). Certain blockchain and crypto companies are eligible. Arizona’s program is the first of its kind in the US.

This update has been prepared by the Orbs Ltd. legal team for informational purposes only and does not constitute advertising or solicitation and should not be used or taken as legal advice. Those seeking legal advice should contact legal counsel licensed in their jurisdiction. Transmission of this information is not intended to create, and receipt does not constitute, an attorney-client relationship. Confidential information should not be sent to Orbs Ltd. in response to this update.